diff options
| author | Ryan Steinmetz <zi@FreeBSD.org> | 2026-05-14 14:23:09 +0000 |
|---|---|---|
| committer | Ryan Steinmetz <zi@FreeBSD.org> | 2026-05-14 14:23:09 +0000 |
| commit | 78c6cd4184273b95f52f614fa42121048ba55df9 (patch) | |
| tree | 278e94d6a9e32c0cf4f134be67b2c97ba6c63967 | |
| parent | 09e01bb9eb7235443a13900b555a468505669950 (diff) | |
security/vuxml: Document www/nginx DoS/RCE
PR: 295270
Security: 3414ac89-4f9f-11f1-a1c0-0050569f0b83
| -rw-r--r-- | security/vuxml/vuln/2026.xml | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index 052a8bde6c21..52a1609d882a 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,55 @@ + <vuln vid="3414ac89-4f9f-11f1-a1c0-0050569f0b83"> + <topic>www/nginx -- Remote Code Execution/DoS</topic> + <affects> +<package> +<name>nginx</name> +<range><lt>1.30.1</lt></range> +</package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>nginx development team reports:</p> + <blockquote cite="https://nginx.org/en/CHANGES-1.30"> + <p>When using the "proxy_set_body" directive, an attacker + might inject data in the proxied request to an HTTP/2 backend</p> + <p>A heap memory buffer overflow might occur in a worker + process while handling a specially crafted request by + ngx_http_rewrite_module, potentially resulting in arbitrary code + execution</p> + <p>A heap memory buffer overread might occur in a worker + process while handling a specially crafted response by + ngx_http_scgi_module or ngx_http_uwsgi_module, allowing an attacker + to cause a disclosure of worker process memory or segmentation fault + in a worker process</p> + <p>A heap memory buffer overread might occur in a worker + process while handling a specially sent response with decoding from + UTF-8 via the "charset_map" directive, allowing an attacker to cause + a limited disclosure of worker proccess memory or segmentation fault + in a worker process</p> + <p>When using HTTP/3, processing of connection migration might + cause new QUIC streams to receive a new client address before + validation, allowing an attacker to cause address spoofing</p> + <p>use-after-free might occur during DNS server response + processing if the "ssl_ocsp" directive was used, allowing an attacker + to cause worker process memory corruption or segmentation fault in a + worker process</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-42926</cvename> + <cvename>CVE-2026-42945</cvename> + <cvename>CVE-2026-42946</cvename> + <cvename>CVE-2026-42934</cvename> + <cvename>CVE-2026-40460</cvename> + <cvename>CVE-2026-40701</cvename> + </references> + <dates> + <discovery>2026-05-14</discovery> + <entry>2026-05-14</entry> + </dates> + </vuln> + <vuln vid="6e701ad2-4f61-11f1-af6d-10ffe07f9334"> <topic>mail/mailpit -- multiple vulnerabilities</topic> <affects> |